You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on May 15, 2026. It is now read-only.
In affected versions of astro, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served.
Details
On-demand rendered sites built with Astro include an /_image endpoint which returns optimized versions of images.
The /_image endpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using the image.domains or image.remotePatterns options).
However, a bug in impacted versions of astro allows an attacker to bypass the third-party domain restrictions by using a protocol-relative URL as the image source, e.g. /_image?href=//example.com/image.png.
Proof of Concept
Create a new minimal Astro project (astro@5.13.0).
Configure it to use the Node adapter (@astrojs/node@9.1.0 — newer versions are not impacted):
The site will serve the image from the unauthorized placehold.co origin.
Impact
Allows a non-authorized third-party to create URLs on an impacted site’s origin that serve unauthorized image content.
In the case of SVG images, this could include the risk of cross-site scripting (XSS) if a user followed a link to a maliciously crafted SVG.
4d16de7 Thanks @ematipico! - Improves the detection of remote paths in the _image endpoint. Now href parameters that start with // are considered remote paths.
#1417339911b8 Thanks @florian-lefebvre! - Adds an experimental flag staticImportMetaEnv to disable the replacement of import.meta.env values with process.env calls and their coercion of environment variable values. This supersedes the rawEnvValues experimental flag, which is now removed.
Astro allows you to configure a type-safe schema for your environment variables, and converts variables imported via astro:env into the expected type. This is the recommended way to use environment variables in Astro, as it allows you to easily see and manage whether your variables are public or secret, available on the client or only on the server at build time, and the data type of your values.
However, you can still access environment variables through process.env and import.meta.env directly when needed. This was the only way to use environment variables in Astro before astro:env was added in Astro 5.0, and Astro's default handling of import.meta.env includes some logic that was only needed for earlier versions of Astro.
The experimental.staticImportMetaEnv flag updates the behavior of import.meta.env to align with Vite's handling of environment variables and for better ease of use with Astro's current implementations and features. This will become the default behavior in Astro 6.0, and this early preview is introduced as an experimental feature.
Currently, non-public import.meta.env environment variables are replaced by a reference to process.env. Additionally, Astro may also convert the value type of your environment variables used through import.meta.env, which can prevent access to some values such as the strings "true" (which is converted to a boolean value), and "1" (which is converted to a number).
The experimental.staticImportMetaEnv flag simplifies Astro's default behavior, making it easier to understand and use. Astro will no longer replace any import.meta.env environment variables with a process.env call, nor will it coerce values.
To enable this feature, add the experimental flag in your Astro config and remove rawEnvValues if it was enabled:
This feature allows you to edit files directly in the browser and have those changes reflected in your local file system via a connected workspace folder. This allows you to apply edits such as CSS tweaks without leaving your browser tab!
With this feature enabled, the Astro dev server will automatically configure a Chrome DevTools workspace for your project. Your project will then appear as a workspace source, ready to connect. Then, changes that you make in the "Sources" panel are automatically saved to your project source code.
To enable this feature, add the experimental flag chromeDevtoolsWorkspace to your Astro config:
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
This PR includes no changesets
When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types
Because you closed this PR without merging, Renovate will ignore this update (5.13.2). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
None yet
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
5.12.9->5.13.2GitHub Vulnerability Alerts
CVE-2025-55303
Summary
In affected versions of
astro, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served.Details
On-demand rendered sites built with Astro include an
/_imageendpoint which returns optimized versions of images.The
/_imageendpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using theimage.domainsorimage.remotePatternsoptions).However, a bug in impacted versions of
astroallows an attacker to bypass the third-party domain restrictions by using a protocol-relative URL as the image source, e.g./_image?href=//example.com/image.png.Proof of Concept
Create a new minimal Astro project (
astro@5.13.0).Configure it to use the Node adapter (
@astrojs/node@9.1.0— newer versions are not impacted):Build the site by running
astro build.Run the server, e.g. with
astro preview.Append
/_image?href=//placehold.co/600x400to the preview URL, e.g. http://localhost:4321/_image?href=//placehold.co/600x400The site will serve the image from the unauthorized
placehold.coorigin.Impact
Allows a non-authorized third-party to create URLs on an impacted site’s origin that serve unauthorized image content.
In the case of SVG images, this could include the risk of cross-site scripting (XSS) if a user followed a link to a maliciously crafted SVG.
Release Notes
withastro/astro (astro)
v5.13.2Compare Source
Patch Changes
4d16de7Thanks @ematipico! - Improves the detection of remote paths in the_imageendpoint. Nowhrefparameters that start with//are considered remote paths.Updated dependencies [
4d16de7]:v5.13.1Compare Source
Patch Changes
f2490abThanks @delucis! - Fixes theexperimental.chromeDevtoolsWorkspacefeature.v5.13.0Compare Source
Minor Changes
#14173
39911b8Thanks @florian-lefebvre! - Adds an experimental flagstaticImportMetaEnvto disable the replacement ofimport.meta.envvalues withprocess.envcalls and their coercion of environment variable values. This supersedes therawEnvValuesexperimental flag, which is now removed.Astro allows you to configure a type-safe schema for your environment variables, and converts variables imported via
astro:envinto the expected type. This is the recommended way to use environment variables in Astro, as it allows you to easily see and manage whether your variables are public or secret, available on the client or only on the server at build time, and the data type of your values.However, you can still access environment variables through
process.envandimport.meta.envdirectly when needed. This was the only way to use environment variables in Astro beforeastro:envwas added in Astro 5.0, and Astro's default handling ofimport.meta.envincludes some logic that was only needed for earlier versions of Astro.The
experimental.staticImportMetaEnvflag updates the behavior ofimport.meta.envto align with Vite's handling of environment variables and for better ease of use with Astro's current implementations and features. This will become the default behavior in Astro 6.0, and this early preview is introduced as an experimental feature.Currently, non-public
import.meta.envenvironment variables are replaced by a reference toprocess.env. Additionally, Astro may also convert the value type of your environment variables used throughimport.meta.env, which can prevent access to some values such as the strings"true"(which is converted to a boolean value), and"1"(which is converted to a number).The
experimental.staticImportMetaEnvflag simplifies Astro's default behavior, making it easier to understand and use. Astro will no longer replace anyimport.meta.envenvironment variables with aprocess.envcall, nor will it coerce values.To enable this feature, add the experimental flag in your Astro config and remove
rawEnvValuesif it was enabled:// astro.config.mjs import { defineConfig } from "astro/config"; export default defineConfig({ + experimental: { + staticImportMetaEnv: true - rawEnvValues: false + } });Updating your project
If you were relying on Astro's default coercion, you may need to update your project code to apply it manually:
If you were relying on the transformation into
process.envcalls, you may need to update your project code to apply it manually:You may also need to update types:
// src/env.d.ts interface ImportMetaEnv { readonly PUBLIC_POKEAPI: string; - readonly DB_PASSWORD: string; - readonly ENABLED: boolean; + readonly ENABLED: string; } interface ImportMeta { readonly env: ImportMetaEnv; } + namespace NodeJS { + interface ProcessEnv { + DB_PASSWORD: string; + } + }See the experimental static
import.meta.envdocumentation for more information about this feature. You can learn more about using environment variables in Astro, includingastro:env, in the environment variables documentation.#14122
41ed3acThanks @ascorbic! - Adds experimental support for automatic Chrome DevTools workspace foldersThis feature allows you to edit files directly in the browser and have those changes reflected in your local file system via a connected workspace folder. This allows you to apply edits such as CSS tweaks without leaving your browser tab!
With this feature enabled, the Astro dev server will automatically configure a Chrome DevTools workspace for your project. Your project will then appear as a workspace source, ready to connect. Then, changes that you make in the "Sources" panel are automatically saved to your project source code.
To enable this feature, add the experimental flag
chromeDevtoolsWorkspaceto your Astro config:See the experimental Chrome DevTools workspace feature documentation for more information.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.